cve-2021-37401
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:16:03.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU92279973/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-28T12:16:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/vu/JVNVU92279973/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37401", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A", "refsource": "MISC", "url": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A" }, { "name": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer", "refsource": "MISC", "url": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer" }, { "name": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf", "refsource": "MISC", "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" }, { "name": "https://jvn.jp/en/vu/JVNVU92279973/", "refsource": "MISC", "url": "https://jvn.jp/en/vu/JVNVU92279973/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37401", "datePublished": "2021-12-28T12:09:52", "dateReserved": "2021-07-21T00:00:00", "dateUpdated": "2024-08-04T01:16:03.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-37401\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-12-28T13:15:08.267\",\"lastModified\":\"2022-01-07T20:29:50.673\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.\"},{\"lang\":\"es\",\"value\":\"Un atacante puede obtener las credenciales de usuario de servidores de archivos, repositorios de copias de seguridad o archivos ZLD guardados en tarjetas SD. 
Como resultado, el programa de usuario del PLC puede ser cargado, alterado y/o descargado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:idec:data_file_manager:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.12.1\",\"matchCriteriaId\":\"5E7A2720-6B29-4BD1-B85B-293850D804A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:idec:windedit:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.1\",\"matchCriteriaId\":\"FA314D4B-B187-4238-B341-E2B9F94EBEBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:idec:windldr:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.19.1\",\"matchCriteriaId\":\"7ED0922F-93CB-41B3-A468-44845F428945\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"
negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:idec:microsmart_plus_fc6b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF6D25F-C546-4C37-B01E-E71BD2AF09EB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:idec:microsmart_plus_fc6b_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.31\",\"matchCriteriaId\":\"950DD61E-60D8-4102-A18F-18A4706DE647\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:idec:microsmart_plus_fc6a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CFD58FF-AAE9-47F8-971C-442E2E8C4499\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:idec:microsmart_plus_fc6a_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.91\",\"matchCriteriaId\":\"01FFD59B-27E0-4D27-A339-FE78D7407C02\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:idec:microsmart_fc6b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"051DFC18-8576-40AF-96A0-2434230234F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:idec:microsmart_fc6b_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.31\",\"matchCriteriaId\":\"24BEE40B-C239-4A38-B9EE-0AAD7699D53E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:idec:microsmart_fc6a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"892DE7A7-7D54-4EE5-97B7-2B8A0B190DFB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:idec:microsmart_fc6a_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.32\",\"matchCriteriaId\":\"59A9BAF0-7AFD-4918-81E2-6949B71E4208\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteri
a\":\"cpe:2.3:h:idec:ft1a_smartaxix_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B13D383E-A48F-4C5A-B592-3356523FEEB1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:idec:ft1a_smartaxix_pro_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.31\",\"matchCriteriaId\":\"7F546B0A-0B08-4B79-87A8-1286F334339E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:idec:ft1a_smartaxix_lite:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FA6299D-C20C-4C04-B6F1-CE3DE1167770\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:idec:ft1a_smartaxix_lite_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.31\",\"matchCriteriaId\":\"401ED91B-67F5-4319-8B66-C028B1AB09A6\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU92279973/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
icsa-22-006-03
Vulnerability from csaf_cisa
Notes
{ "document": { "acknowledgments": [ { "names": [ "Khalid Ansari" ], "organization": "FM Approvals", "summary": "reporting these vulnerabilities to IDEC Corporation" } ], "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Disclosure is not limited", "tlp": { "label": "WHITE", "url": "https://us-cert.cisa.gov/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov", "title": "CISA Disclaimer" }, { "category": "legal_disclaimer", "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", "title": "Legal Notice" }, { "category": "summary", "text": "Successful exploitation of these vulnerabilities could allow an attacker to upload, alter, and/or download the PLC user program. An attacker could also access the PLC web server and hijack the controllers, resulting in the manipulation and/or suspension of the PLC output.", "title": "Risk evaluation" }, { "category": "other", "text": "Multiple", "title": "Critical infrastructure sectors" }, { "category": "other", "text": "Worldwide", "title": "Countries/areas deployed" }, { "category": "other", "text": "Japan", "title": "Company headquarters location" }, { "category": "general", "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. 
Specifically, users should:", "title": "Recommended Practices" }, { "category": "general", "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", "title": "Recommended Practices" }, { "category": "general", "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.", "title": "Recommended Practices" }, { "category": "other", "text": "No known public exploits specifically target these vulnerabilities.", "title": "Exploitability" } ], "publisher": { "category": "coordinator", "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870", "name": "CISA", "namespace": "https://www.cisa.gov/" }, "references": [ { "category": "self", "summary": "ICS Advisory ICSA-22-006-03 JSON", "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-006-03.json" }, { "category": "self", "summary": "ICS Advisory ICSA-22-006-03 Web Version", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-006-03" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01" }, { "category": "external", "summary": "Recommended Practices", "url": 
"https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf" }, { "category": "external", "summary": "Recommended Practices", "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B" } ], "title": "IDEC PLCs", "tracking": { "current_release_date": "2022-01-06T00:00:00.000000Z", "generator": { "engine": { "name": "CISA CSAF Generator", "version": "1.0.0" } }, "id": "ICSA-22-006-03", "initial_release_date": "2022-01-06T00:00:00.000000Z", "revision_history": [ { "date": "2022-01-06T00:00:00.000000Z", "legacy_version": "Initial", "number": "1", "summary": "ICSA-22-006-03 IDEC PLCs" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c= 2.12.1", "product": { "name": "Data File Manager: v2.12.1 and earlier", "product_id": "CSAFPID-0001" } } ], "category": "product_name", "name": "Data File Manager" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 2.32", "product": { "name": "FC6A MICROSmart All-in-One CPU Module: v2.32 and earlier", "product_id": "CSAFPID-0002" } } ], "category": "product_name", "name": "FC6A MICROSmart All-in-One CPU Module" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 1.91", "product": { "name": "FC6A MICROSmart Plus CPU Module: v1.91 and earlier", "product_id": "CSAFPID-0003" } } ], "category": "product_name", "name": "FC6A MICROSmart Plus CPU Module" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 2.31", "product": { "name": "FC6B MICROSmart All-in-One CPU Module: v2.31 and earlier", "product_id": "CSAFPID-0004" } } ], "category": "product_name", "name": "FC6B MICROSmart All-in-One CPU Module" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 2.31", "product": { "name": "FC6B MICROSmart Plus CPU Module: v2.31 and earlier", "product_id": "CSAFPID-0005" } } ], "category": 
"product_name", "name": "FC6B MICROSmart Plus CPU Module" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 2.31", "product": { "name": "FT1A Controller SmartAXIS Pro/Lite: v2.31 and earlier", "product_id": "CSAFPID-0006" } } ], "category": "product_name", "name": "FT1A Controller SmartAXIS Pro/Lite" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 1.3.1", "product": { "name": "WindEDIT: Lite v1.3.1 and earlier", "product_id": "CSAFPID-0007" } } ], "category": "product_name", "name": "WindEDIT" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 1.3.1", "product": { "name": "WindEDIT Lite: v1.3.1 and earlier", "product_id": "CSAFPID-0008" } } ], "category": "product_name", "name": "WindEDIT Lite" }, { "branches": [ { "category": "product_version_range", "name": "\u003c= 8.19.1", "product": { "name": "WindLDR: v8.19.1 and earlier", "product_id": "CSAFPID-0009" } } ], "category": "product_name", "name": "WindLDR" } ], "category": "vendor", "name": "IDEC" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-37400", "cwe": { "id": "CWE-523", "name": "Unprotected Transport of Credentials" }, "notes": [ { "category": "summary", "text": "An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded. CVE-2021-37400 has been assigned to this vulnerability. 
A CVSS v3 base score of 7.6 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37400" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "remediations": [ { "category": "mitigation", "details": "FC6A MICROSmart All-in-One CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6B MICROSmart All-in-One CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6A MICROSmart Plus CPU Module: v2.00 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6B MICROSmart Plus CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FT1A Controller SmartAXIS Pro/Lite: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "vendor_fix", "details": 
"WindLDR: v8.20.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "WindEDIT Lite: v1.4.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Data File Manager: v2.13.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Restrict the network appropriately to prevent suspicious connections from untrusted devices", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Restrict the devices that can access PLCs", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Manage ZLD files appropriately", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "For more information, refer to the information provided by the developer (document in Japanese).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ], "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" }, "products": [ 
"CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] } ] }, { "cve": "CVE-2021-37401", "cwe": { "id": "CWE-256", "name": "Plaintext Storage of a Password" }, "notes": [ { "category": "summary", "text": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. CVE-2021-37401 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37401" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "remediations": [ { "category": "mitigation", "details": "FC6A MICROSmart All-in-One CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6B MICROSmart All-in-One CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6A MICROSmart Plus CPU Module: v2.00 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { 
"category": "mitigation", "details": "FC6B MICROSmart Plus CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FT1A Controller SmartAXIS Pro/Lite: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "vendor_fix", "details": "WindLDR: v8.20.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "WindEDIT Lite: v1.4.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Data File Manager: v2.13.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Restrict the network appropriately to prevent suspicious connections from untrusted devices", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Restrict the devices that can access PLCs", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Manage ZLD files appropriately", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", 
"CSAFPID-0009" ] }, { "category": "mitigation", "details": "For more information, refer to the information provided by the developer (document in Japanese).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ], "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] } ] }, { "cve": "CVE-2021-20826", "cwe": { "id": "CWE-523", "name": "Unprotected Transport of Credentials" }, "notes": [ { "category": "summary", "text": "An attacker may obtain the PLC web server user credentials from the communication between the PLC and the software. As a result, the complete access privileges to the PLC web server may be obtained, and manipulation of the PLC output and/or suspension of the PLC may be conducted. CVE-2021-20826 has been assigned to this vulnerability. 
A CVSS v3 base score of 7.6 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20826" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "remediations": [ { "category": "mitigation", "details": "FC6A MICROSmart All-in-One CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6B MICROSmart All-in-One CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6A MICROSmart Plus CPU Module: v2.00 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6B MICROSmart Plus CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FT1A Controller SmartAXIS Pro/Lite: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "vendor_fix", "details": 
"WindLDR: v8.20.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "WindEDIT Lite: v1.4.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Data File Manager: v2.13.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Restrict the network appropriately to prevent suspicious connections from untrusted devices", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Restrict the devices that can access PLCs", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Manage ZLD files appropriately", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "For more information, refer to the information provided by the developer (document in Japanese).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ], "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" }, "products": [ 
"CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] } ] }, { "cve": "CVE-2021-20827", "cwe": { "id": "CWE-256", "name": "Plaintext Storage of a Password" }, "notes": [ { "category": "summary", "text": "An attacker may obtain the PLC web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted. CVE-2021-20827 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).", "title": "Vulnerability Summary" } ], "product_status": { "known_affected": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, "references": [ { "category": "external", "summary": "web.nvd.nist.gov", "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20827" }, { "category": "external", "summary": "www.first.org", "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" } ], "remediations": [ { "category": "mitigation", "details": "FC6A MICROSmart All-in-One CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6B MICROSmart All-in-One CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6A MICROSmart Plus CPU Module: v2.00 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", 
"CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FC6B MICROSmart Plus CPU Module: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "FT1A Controller SmartAXIS Pro/Lite: v2.40 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "vendor_fix", "details": "WindLDR: v8.20.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "WindEDIT Lite: v1.4.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Data File Manager: v2.13.0 and later", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Restrict the network appropriately to prevent suspicious connections from untrusted devices", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Restrict the devices that can access PLCs", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "Manage ZLD files appropriately", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", 
"CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] }, { "category": "mitigation", "details": "For more information, refer to the information provided by the developer (document in Japanese).", "product_ids": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ], "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" } ], "scores": [ { "cvss_v3": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" }, "products": [ "CSAFPID-0001", "CSAFPID-0002", "CSAFPID-0003", "CSAFPID-0004", "CSAFPID-0005", "CSAFPID-0006", "CSAFPID-0007", "CSAFPID-0008", "CSAFPID-0009" ] } ] } ] }
ghsa-m5r3-7h55-8p6v
Vulnerability from github
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
{ "affected": [], "aliases": [ "CVE-2021-37401" ], "database_specific": { "cwe_ids": [ "CWE-522" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-12-28T13:15:00Z", "severity": "CRITICAL" }, "details": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.", "id": "GHSA-m5r3-7h55-8p6v", "modified": "2022-01-08T00:00:43Z", "published": "2021-12-29T00:00:45Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37401" }, { "type": "WEB", "url": "https://jvn.jp/en/vu/JVNVU92279973" }, { "type": "WEB", "url": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A" }, { "type": "WEB", "url": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer" }, { "type": "WEB", "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" } ], "schema_version": "1.4.0", "severity": [] }
cve-2021-37401
Vulnerability from jvndb
Type | URL | |
---|---|---|
JVN | https://jvn.jp/en/vu/JVNVU92279973/index.html | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37400 | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37401 | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20826 | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20827 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20826 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20827 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-37400 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-37401 | |
ICS-CERT ADVISORY | https://www.cisa.gov/uscert/ics/advisories/icsa-22-006-03 | |
Unprotected Storage of Credentials(CWE-256) | https://cwe.mitre.org/data/definitions/256.html | |
Unprotected Transport of Credentials(CWE-523) | https://cwe.mitre.org/data/definitions/523.html |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-006117.html", "dc:date": "2022-01-11T16:36+09:00", "dcterms:issued": "2021-12-27T16:54+09:00", "dcterms:modified": "2022-01-11T16:36+09:00", "description": "Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below.\r\n\r\n* Unprotected transport of credentials (CWE-523) - CVE-2021-37400\r\n* Plaintext storage of a password (CWE-256) - CVE-2021-37401\r\n* Unprotected transport of credentials (CWE-523) - CVE-2021-20826\r\n* Plaintext storage of a password (CWE-256) - CVE-2021-20827\r\n\r\nKhalid Ansari of FM Approvals reported these vulnerabilities to IDEC Corporation, and IDEC Corporation reported\r\nthe case to JPCERT/CC and coordinated in order to notify users of the solutions through JVN.", "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-006117.html", "sec:cpe": [ { "#text": "cpe:/a:idec:data_file_manager", "@product": "Data File Manager", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:idec:windedit", "@product": "WindEDIT Lite", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:idec:windldr", "@product": "WindLDR", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:ft1a_smartaxix_pro_firmware", "@product": "FT1A Controller SmartAXIS Pro/Lite", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:microsmart_fc6a_firmware", "@product": "FC6A MICROSmart All-in-One CPU Module", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:microsmart_fc6b_firmware", "@product": "FC6B MICROSmart All-in-One CPU Module", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:microsmart_plus_fc6a_firmware", "@product": "FC6A MICROSmart Plus CPU Module", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:microsmart_plus_fc6b_firmware", "@product": "FC6B MICROSmart Plus CPU Module", "@vendor": "IDEC Corporation", 
"@version": "2.2" } ], "sec:cvss": [ { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "7.6", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "@version": "3.0" } ], "sec:identifier": "JVNDB-2021-006117", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU92279973/index.html", "@id": "JVNVU#92279973", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37400", "@id": "CVE-2021-37400", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37401", "@id": "CVE-2021-37401", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20826", "@id": "CVE-2021-20826", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20827", "@id": "CVE-2021-20827", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20826", "@id": "CVE-2021-20826", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20827", "@id": "CVE-2021-20827", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37400", "@id": "CVE-2021-37400", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37401", "@id": "CVE-2021-37401", "@source": "NVD" }, { "#text": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-006-03", "@id": "ICSA-22-006-03", "@source": "ICS-CERT ADVISORY" }, { "#text": "https://cwe.mitre.org/data/definitions/256.html", "@id": "CWE-256", "@title": "Unprotected Storage of Credentials(CWE-256)" }, { "#text": "https://cwe.mitre.org/data/definitions/523.html", "@id": "CWE-523", "@title": "Unprotected Transport of Credentials(CWE-523)" } ], "title": "Multiple vulnerabilities in IDEC PLCs" }
gsd-2021-37401
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2021-37401", "description": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.", "id": "GSD-2021-37401" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-37401" ], "details": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.", "id": "GSD-2021-37401", "modified": "2023-12-13T01:23:09.930675Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37401", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A", "refsource": "MISC", "url": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A" }, { "name": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer", "refsource": "MISC", "url": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer" }, { "name": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf", "refsource": "MISC", "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" }, { "name": "https://jvn.jp/en/vu/JVNVU92279973/", "refsource": "MISC", "url": "https://jvn.jp/en/vu/JVNVU92279973/" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:idec:data_file_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.12.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:idec:windedit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:idec:windldr:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.19.1", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:microsmart_plus_fc6b_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.31", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:microsmart_plus_fc6b:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:microsmart_plus_fc6a_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.91", 
"vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:microsmart_plus_fc6a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:microsmart_fc6b_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.31", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:microsmart_fc6b:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:microsmart_fc6a_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.32", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:microsmart_fc6a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:ft1a_smartaxix_pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.31", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:ft1a_smartaxix_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:ft1a_smartaxix_lite_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.31", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:ft1a_smartaxix_lite:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-37401" }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-522" } ] } ] }, "references": { "reference_data": [ { "name": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer" }, { "name": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf" }, { "name": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A" }, { "name": "https://jvn.jp/en/vu/JVNVU92279973/", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://jvn.jp/en/vu/JVNVU92279973/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, 
"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2022-01-07T20:29Z", "publishedDate": "2021-12-28T13:15Z" } } }
var-202112-2026
Vulnerability from variot
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. Multiple PLCs provided by IDEC Corporation contain the multiple vulnerabilities listed below. * Unprotected transport of credentials (CWE-523) - CVE-2021-37400 * Plaintext storage of authentication information (CWE-256) - CVE-2021-37401 * Unprotected transport of credentials (CWE-523) - CVE-2021-20826 * Plaintext storage of authentication information (CWE-256) - CVE-2021-20827 This vulnerability information was reported directly to the product developer by the reporter named below and is provided by the product developer. A coordination request was made to JPCERT/CC, and JPCERT/CC coordinated with the reporter, the product developer, and ICS-CERT before the announcement. Reporter: Khalid Ansari of FM Approvals. The expected impact depends on each vulnerability, but may include the following. * A third party obtains user authentication information from communication between the PLC and the software. A third party obtains the user's credentials from a ZLD file. - CVE-2021-37401 * A third party obtains the PLC web server user's authentication information from communication between the PLC and the software. As a result, full access to the PLC web server is taken over, and the PLC output may be manipulated and/or the PLC stopped. - CVE-2021-20826 * A third party obtains the PLC web server user's authentication information from ZLD files saved on a file server, backup repository, SD card, etc. As a result, the third party connects to the PLC web server and hijacks the PLC, and the PLC output may be manipulated and/or the PLC stopped. - CVE-2021-20827 * Data File Manager: v2.13.0 and later. IDEC PLC is a programmable controller.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202112-2026", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "microsmart fc6a", "scope": "lte", "trust": 1.0, "vendor": "idec", "version": "2.32" }, { "model": "windedit", "scope": "lte", "trust": 1.0, "vendor": "idec", "version": "1.3.1" }, { "model": "ft1a smartaxix lite", "scope": "lte", "trust": 1.0, "vendor": 
"idec", "version": "2.31" }, { "model": "microsmart fc6b", "scope": "lte", "trust": 1.0, "vendor": "idec", "version": "2.31" }, { "model": "microsmart plus fc6a", "scope": "lte", "trust": 1.0, "vendor": "idec", "version": "1.91" }, { "model": "data file manager", "scope": "lte", "trust": 1.0, "vendor": "idec", "version": "2.12.1" }, { "model": "windldr", "scope": "lte", "trust": 1.0, "vendor": "idec", "version": "8.19.1" }, { "model": "microsmart plus fc6b", "scope": "lte", "trust": 1.0, "vendor": "idec", "version": "2.31" }, { "model": "ft1a smartaxix pro", "scope": "lte", "trust": 1.0, "vendor": "idec", "version": "2.31" }, { "model": "ft1a \u5f62 \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 smartaxis pro/lite", "scope": null, "trust": 0.8, "vendor": "idec\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "fc6a \u5f62 microsmart all-in-one cpu \u30e2\u30b8\u30e5\u30fc\u30eb", "scope": null, "trust": 0.8, "vendor": "idec\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "fc6a \u5f62 microsmart plus cpu \u30e2\u30b8\u30e5\u30fc\u30eb", "scope": null, "trust": 0.8, "vendor": "idec\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "fc6b \u5f62 microsmart plus cpu \u30e2\u30b8\u30e5\u30fc\u30eb", "scope": null, "trust": 0.8, "vendor": "idec\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "windldr", "scope": null, "trust": 0.8, "vendor": "idec\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "windedit lite", "scope": null, "trust": 0.8, "vendor": "idec\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "\u30c7\u30fc\u30bf \u30d5\u30a1\u30a4\u30eb \u30de\u30cd\u30fc\u30b8\u30e3\u30fc", "scope": null, "trust": 0.8, "vendor": "idec\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "fc6b \u5f62 microsmart all-in-one cpu \u30e2\u30b8\u30e5\u30fc\u30eb", "scope": null, "trust": 0.8, "vendor": "idec\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "plc", "scope": null, "trust": 0.6, "vendor": "idec", "version": null } ], "sources": [ 
{ "db": "CNVD", "id": "CNVD-2022-02761" }, { "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "db": "NVD", "id": "CVE-2021-37401" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:idec:data_file_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.12.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:idec:windedit:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.3.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:idec:windldr:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.19.1", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:microsmart_plus_fc6b_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.31", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:microsmart_plus_fc6b:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:microsmart_plus_fc6a_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.91", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:microsmart_plus_fc6a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:microsmart_fc6b_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.31", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:h:idec:microsmart_fc6b:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:microsmart_fc6a_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.32", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:microsmart_fc6a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:ft1a_smartaxix_pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.31", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:ft1a_smartaxix_pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:idec:ft1a_smartaxix_lite_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.31", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:idec:ft1a_smartaxix_lite:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37401" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Khalid Ansari of FM Approvals reported these vulnerabilities to IDEC Corporation.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-2603" } ], "trust": 0.6 }, "cve": "CVE-2021-37401", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2022-02761", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2021-37401", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "OTHER", "availabilityImpact": "Low", "baseScore": 7.6, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-006117", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-37401", "trust": 1.0, "value": "CRITICAL" }, { "author": "OTHER", "id": "JVNDB-2021-006117", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2022-02761", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202112-2603", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2021-37401", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-02761" }, { "db": "VULMON", "id": "CVE-2021-37401" }, { "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "db": "NVD", "id": "CVE-2021-37401" }, { "db": "CNNVD", "id": "CNNVD-202112-2603" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded. IDEC Provided by Co., Ltd. 
PLC The following multiple vulnerabilities exist in. * Sending unprotected credentials ( CWE-523 ) - CVE-2021-37400 \u2025 * Plaintext storage of authentication information ( CWE-256 ) - CVE-2021-374010 \u2025 * Sending unprotected credentials ( CWE-523 ) - CVE-2021-20826 \u2025 * Plaintext storage of authentication information ( CWE-256 ) - CVE-2021-20827 This vulnerability information is reported directly to the product developer by the following reporter, and is provided by the product developer. JPCERT/CC There is an adjustment request in JPCERT/CC Is a reporter, product developer, ICS-CERT We made adjustments with and announced it. Reporter : FM Approvals Khalid Ansari MrThe expected impact depends on each vulnerability, but it may be affected as follows. * By a third party PLC User authentication information is obtained from the communication between the software and the software. ZLD From the file, the user\u0027s credentials are obtained by a third party. - CVE-2021-37401 \u2025 * By a third party PLC From communication between software and PLC Web The server user\u0027s authentication information is acquired. as a result, PLC Web Deprived of full access to the server, PLC The output of PLC Is stopped - CVE-2021-20826 \u2025 * File server, backup repository, SD Saved on a card etc. ZLD From the file, by a third party PLC Web The server user\u0027s authentication information is acquired. as a result, PLC Web Connect to the server and PLC By being hijacked PLC The output of PLC Is stopped - CVE-2021-20827 \u2025 * Data file manager v2.13.0 And later. 
IDEC PLC is a programmable controller", "sources": [ { "db": "NVD", "id": "CVE-2021-37401" }, { "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "db": "CNVD", "id": "CNVD-2022-02761" }, { "db": "VULMON", "id": "CVE-2021-37401" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-37401", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU92279973", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-22-006-03", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2021-006117", "trust": 1.4 }, { "db": "CNVD", "id": "CNVD-2022-02761", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022010709", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0083", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202112-2603", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-37401", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-02761" }, { "db": "VULMON", "id": "CVE-2021-37401" }, { "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "db": "NVD", "id": "CVE-2021-37401" }, { "db": "CNNVD", "id": "CNNVD-202112-2603" } ] }, "id": "VAR-202112-2026", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-02761" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-02761" } ] }, "last_update_date": "2023-12-18T12:26:30.489000Z", "patch": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Our company \u00a0PLC\u00a0 Contact regarding the vulnerability of", "trust": 0.8, "url": "https://support.quest.com/ja-jp/kb/288310/cert-coordination-center-report-update" }, { "title": "Patch for Unknown Vulnerability in IDEC PLC (CNVD-2022-02761)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/313186" }, { "title": "IDEC PLC Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176482" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-02761" }, { "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "db": "CNNVD", "id": "CNNVD-202112-2603" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-522", "trust": 1.0 }, { "problemtype": "Plaintext storage of credentials (CWE-256) [ Other ]", "trust": 0.8 }, { "problemtype": " Unprotected transfer of credentials (CWE-523) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "db": "NVD", "id": "CVE-2021-37401" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://us.idec.com/idec-us/en/usd/software-downloads-automation-organizer" }, { "trust": 1.7, "url": "https://www.idec.com/home/lp/pdf/2021-12-24-plc.pdf" }, { "trust": 1.7, "url": "https://us.idec.com/idec-us/en/usd/programmable-logic-controller/micro-plc/fc6a-microsmart/c/microsmart_fc6a" }, { "trust": 1.7, "url": "https://jvn.jp/en/vu/jvnvu92279973/" }, { "trust": 0.8, "url": 
"http://jvn.jp/cert/jvnvu92279973/" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-006-03" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37401" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022010709" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-006-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0083" }, { "trust": 0.6, "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-006117.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/522.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-02761" }, { "db": "VULMON", "id": "CVE-2021-37401" }, { "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "db": "NVD", "id": "CVE-2021-37401" }, { "db": "CNNVD", "id": "CNNVD-202112-2603" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-02761" }, { "db": "VULMON", "id": "CVE-2021-37401" }, { "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "db": "NVD", "id": "CVE-2021-37401" }, { "db": "CNNVD", "id": "CNNVD-202112-2603" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-02761" }, { "date": "2021-12-28T00:00:00", "db": "VULMON", "id": "CVE-2021-37401" }, { "date": "2021-12-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "date": "2021-12-28T13:15:08.267000", "db": "NVD", "id": "CVE-2021-37401" }, { "date": "2021-12-24T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-2603" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-18T00:00:00", "db": "CNVD", "id": 
"CNVD-2022-02761" }, { "date": "2022-01-07T00:00:00", "db": "VULMON", "id": "CVE-2021-37401" }, { "date": "2022-01-11T07:34:00", "db": "JVNDB", "id": "JVNDB-2021-006117" }, { "date": "2022-01-07T20:29:50.673000", "db": "NVD", "id": "CVE-2021-37401" }, { "date": "2022-01-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202112-2603" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-2603" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IDEC\u00a0 Made \u00a0PLC\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-006117" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202112-2603" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.